23 package com.liferay.portlet.enterpriseadmin.action;
24
25 import com.liferay.portal.NoSuchRoleException;
26 import com.liferay.portal.RolePermissionsException;
27 import com.liferay.portal.kernel.servlet.SessionErrors;
28 import com.liferay.portal.kernel.servlet.SessionMessages;
29 import com.liferay.portal.kernel.util.ArrayUtil;
30 import com.liferay.portal.kernel.util.Constants;
31 import com.liferay.portal.kernel.util.ListUtil;
32 import com.liferay.portal.kernel.util.ParamUtil;
33 import com.liferay.portal.kernel.util.StringUtil;
34 import com.liferay.portal.kernel.util.Validator;
35 import com.liferay.portal.model.GroupConstants;
36 import com.liferay.portal.model.ResourceConstants;
37 import com.liferay.portal.model.Role;
38 import com.liferay.portal.model.RoleConstants;
39 import com.liferay.portal.security.auth.PrincipalException;
40 import com.liferay.portal.security.permission.ResourceActionsUtil;
41 import com.liferay.portal.security.permission.comparator.ActionComparator;
42 import com.liferay.portal.service.PermissionServiceUtil;
43 import com.liferay.portal.service.ResourcePermissionServiceUtil;
44 import com.liferay.portal.service.RoleLocalServiceUtil;
45 import com.liferay.portal.struts.PortletAction;
46 import com.liferay.portal.theme.ThemeDisplay;
47 import com.liferay.portal.util.PropsValues;
48 import com.liferay.portal.util.WebKeys;
49
50 import java.util.HashMap;
51 import java.util.List;
52 import java.util.Map;
53
54 import javax.portlet.ActionRequest;
55 import javax.portlet.ActionResponse;
56 import javax.portlet.PortletConfig;
57 import javax.portlet.RenderRequest;
58 import javax.portlet.RenderResponse;
59
60 import org.apache.struts.action.ActionForm;
61 import org.apache.struts.action.ActionForward;
62 import org.apache.struts.action.ActionMapping;
63
64
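/**
 * Struts portlet action that edits the permissions attached to a role.
 *
 * <p>
 * Two commands are handled, selected by the {@code Constants.CMD} request
 * parameter: {@code "actions"} (bulk update of every action of the selected
 * resources) and {@code "delete_permission"} (removal of one permission). Any
 * other command value is ignored.
 * </p>
 *
 * <p>
 * Security notes for reviewers:
 * </p>
 *
 * <ul>
 * <li>Every identifier used here ({@code roleId}, {@code permissionId},
 * {@code name}, {@code scope}, {@code primKey}, {@code actionId},
 * {@code groupIds...}, {@code redirect}) is read straight from the request.
 * The only check made in this class is the role-name guard in
 * {@link #checkEditableRole(Role)}. Authorization of the caller is presumably
 * enforced inside {@code PermissionServiceUtil} and
 * {@code ResourcePermissionServiceUtil} - confirm against those services.</li>
 * <li>The role is loaded through {@code RoleLocalServiceUtil}; nothing in this
 * class compares {@code role.getCompanyId()} with the company of the current
 * request - confirm that the service layer rejects cross-company role ids.</li>
 * <li>The {@code redirect} parameter is passed to {@code sendRedirect} without
 * validation in this class (see the notes at both call sites).</li>
 * </ul>
 */
public class EditRolePermissionsAction extends PortletAction {

    /**
     * Dispatches the permission-changing command named by the
     * {@code Constants.CMD} request parameter.
     *
     * <p>
     * {@code NoSuchRoleException}, {@code PrincipalException} and
     * {@code RolePermissionsException} are turned into a session error (keyed
     * by the exception class name) plus a forward to the error page; every
     * other exception is rethrown unchanged.
     * </p>
     *
     * @throws Exception any exception other than the three handled above
     */
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

        try {
            if (cmd.equals("actions")) {
                updateActions(actionRequest, actionResponse);
            }
            else if (cmd.equals("delete_permission")) {
                deletePermission(actionRequest, actionResponse);
            }
        }
        catch (Exception e) {
            boolean expected =
                e instanceof NoSuchRoleException ||
                e instanceof PrincipalException ||
                e instanceof RolePermissionsException;

            if (!expected) {
                throw e;
            }

            // Only the exception class name reaches the session, not its
            // message.

            SessionErrors.add(actionRequest, e.getClass().getName());

            setForward(actionRequest, "portlet.enterprise_admin.error");
        }
    }

    /**
     * Resolves the role for the request and forwards to the edit page, or to
     * the error page when the role lookup fails with
     * {@code NoSuchRoleException} or {@code PrincipalException}.
     *
     * @return the forward to render
     * @throws Exception any other exception raised by the role lookup
     */
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        try {
            ActionUtil.getRole(renderRequest);
        }
        catch (Exception e) {
            boolean expected =
                e instanceof NoSuchRoleException ||
                e instanceof PrincipalException;

            if (!expected) {
                throw e;
            }

            SessionErrors.add(renderRequest, e.getClass().getName());

            return mapping.findForward("portlet.enterprise_admin.error");
        }

        return mapping.findForward(getForward(
            renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
    }

    /**
     * Rejects roles whose permissions must not be edited through this action.
     *
     * <p>
     * This is the single place that lists those role names; both
     * {@link #deletePermission} and {@link #updateActions} call it, so the two
     * entry points cannot drift apart.
     * </p>
     *
     * @param  role the role about to be modified
     * @throws RolePermissionsException if the role name is one of the six
     *         names compared below; the exception carries the role name
     */
    private void checkEditableRole(Role role) throws RolePermissionsException {
        String roleName = role.getName();

        if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
            roleName.equals(RoleConstants.OWNER) ||
            roleName.equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.COMMUNITY_OWNER) ||
            roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {

            throw new RolePermissionsException(roleName);
        }
    }

    /**
     * Removes one permission from the role named by the {@code roleId}
     * request parameter, then redirects.
     *
     * <p>
     * With permission algorithm 6 the permission is addressed by
     * {@code name}/{@code scope}/{@code primKey}/{@code actionId}; otherwise
     * it is addressed by {@code permissionId}.
     * </p>
     *
     * @throws Exception if the role does not exist, is not editable, or a
     *         service call fails
     */
    protected void deletePermission(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        // All of the following come from the request and are not validated
        // here.

        long roleId = ParamUtil.getLong(actionRequest, "roleId");
        long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
        String name = ParamUtil.getString(actionRequest, "name");
        int scope = ParamUtil.getInteger(actionRequest, "scope");
        String primKey = ParamUtil.getString(actionRequest, "primKey");
        String actionId = ParamUtil.getString(actionRequest, "actionId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkEditableRole(role);

        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            ResourcePermissionServiceUtil.removeResourcePermission(
                themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                name, scope, primKey, roleId, actionId);
        }
        else {
            PermissionServiceUtil.unsetRolePermission(
                roleId, themeDisplay.getScopeGroupId(), permissionId);
        }

        // Send redirect

        SessionMessages.add(actionRequest, "permissionDeleted");

        // NOTE(review): "redirect" is request-supplied and handed to
        // sendRedirect unchanged. Unless it is validated before this action
        // runs, this is an open redirect; restrict it to URLs of this portal.

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        actionResponse.sendRedirect(redirect);
    }

    /**
     * Applies the submitted scope for one resource/action pair using
     * {@code PermissionServiceUtil} (the branch taken when the permission
     * algorithm is not 6).
     *
     * <p>
     * The scope is read from the request parameter
     * {@code "scope" + selResource + actionId}. Company scope grants the
     * permission for the role's company. Group scope grants a group-template
     * permission for community and organization roles, and for other roles
     * replaces the existing group-scoped grants with one grant per submitted
     * group id. Any other scope value removes the permission at company,
     * group-template and group scope.
     * </p>
     *
     * @throws Exception if a service call fails
     */
    protected void updateAction_1to5(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource, scope,
                String.valueOf(role.getCompanyId()), actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP) {
            if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
                (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {

                PermissionServiceUtil.setRolePermission(
                    roleId, groupId, selResource,
                    ResourceConstants.SCOPE_GROUP_TEMPLATE,
                    String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                    actionId);
            }
            else {
                String[] groupIds = StringUtil.split(
                    ParamUtil.getString(
                        actionRequest, "groupIds" + selResource + actionId));

                if (groupIds.length == 0) {

                    // Nothing is changed for this action; the caller is not
                    // told and carries on with the remaining actions.

                    SessionErrors.add(
                        actionRequest, "missingGroupIdsForAction");

                    return;
                }

                groupIds = ArrayUtil.distinct(groupIds);

                // Replace, not merge: existing group-scoped grants are
                // dropped before the submitted ones are added.
                // NOTE(review): the submitted group ids are passed on as
                // strings without any check in this class - confirm the
                // service validates them and that a failure part-way through
                // the loop cannot leave the role half-updated.

                PermissionServiceUtil.unsetRolePermissions(
                    roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                    actionId);

                for (String curGroupId : groupIds) {
                    PermissionServiceUtil.setRolePermission(
                        roleId, groupId, selResource,
                        ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
                }
            }
        }
        else {

            // Remove permissions

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
                actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                actionId);
        }
    }

    /**
     * Applies the submitted scope for one resource/action pair using
     * {@code ResourcePermissionServiceUtil} (the branch taken when the
     * permission algorithm is 6).
     *
     * <p>
     * The branching mirrors {@link #updateAction_1to5}: company scope, group
     * scope (group template for community and organization roles, otherwise
     * one grant per submitted group id), and removal at all three scopes for
     * any other scope value.
     * </p>
     *
     * @throws Exception if a service call fails
     */
    protected void updateAction_6(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long companyId = role.getCompanyId();
        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, scope,
                String.valueOf(role.getCompanyId()), roleId, actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP) {
            if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
                (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {

                ResourcePermissionServiceUtil.addResourcePermission(
                    groupId, companyId, selResource,
                    ResourceConstants.SCOPE_GROUP_TEMPLATE,
                    String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                    roleId, actionId);
            }
            else {
                String[] groupIds = StringUtil.split(
                    ParamUtil.getString(
                        actionRequest, "groupIds" + selResource + actionId));

                if (groupIds.length == 0) {

                    // Nothing is changed for this action; the caller is not
                    // told and carries on with the remaining actions.

                    SessionErrors.add(
                        actionRequest, "missingGroupIdsForAction");

                    return;
                }

                groupIds = ArrayUtil.distinct(groupIds);

                // Replace, not merge: existing group-scoped grants are
                // dropped before the submitted ones are added.
                // NOTE(review): the submitted group ids are passed on as
                // strings without any check in this class - confirm the
                // service validates them and that a failure part-way through
                // the loop cannot leave the role half-updated.

                ResourcePermissionServiceUtil.removeResourcePermissions(
                    groupId, companyId, selResource,
                    ResourceConstants.SCOPE_GROUP, roleId, actionId);

                for (String curGroupId : groupIds) {
                    ResourcePermissionServiceUtil.addResourcePermission(
                        groupId, companyId, selResource,
                        ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
                        actionId);
                }
            }
        }
        else {

            // Remove permissions

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_COMPANY, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                roleId, actionId);
        }
    }

    /**
     * Updates, for the role named by the {@code roleId} request parameter,
     * every action of the submitted portlet resource and model resources, then
     * redirects.
     *
     * <p>
     * The action ids are taken from {@code ResourceActionsUtil} for each
     * submitted resource name, not from the request; only the resource names,
     * the per-action scope and the per-action group ids are request-supplied.
     * </p>
     *
     * @throws Exception if the role does not exist, is not editable, or a
     *         service call fails
     */
    protected void updateActions(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkEditableRole(role);

        String portletResource = ParamUtil.getString(
            actionRequest, "portletResource");
        String[] modelResources = StringUtil.split(
            ParamUtil.getString(actionRequest, "modelResources"));

        Map<String, List<String>> resourceActionsMap =
            new HashMap<String, List<String>>();

        if (Validator.isNotNull(portletResource)) {
            resourceActionsMap.put(
                portletResource,
                ResourceActionsUtil.getResourceActions(portletResource, null));
        }

        for (String modelResource : modelResources) {
            resourceActionsMap.put(
                modelResource,
                ResourceActionsUtil.getResourceActions(null, modelResource));
        }

        boolean algorithm6 = (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6);

        for (Map.Entry<String, List<String>> entry :
                resourceActionsMap.entrySet()) {

            String selResource = entry.getKey();

            List<String> actions = ListUtil.sort(
                entry.getValue(),
                new ActionComparator(
                    themeDisplay.getCompanyId(), themeDisplay.getLocale()));

            for (String actionId : actions) {
                if (algorithm6) {
                    updateAction_6(
                        actionRequest, role, themeDisplay.getScopeGroupId(),
                        selResource, actionId);
                }
                else {
                    updateAction_1to5(
                        actionRequest, role, themeDisplay.getScopeGroupId(),
                        selResource, actionId);
                }
            }
        }

        // Send redirect

        // NOTE(review): the success message is added even when one of the
        // per-action updates recorded "missingGroupIdsForAction" and changed
        // nothing, so an administrator can see "updated" for a grant that was
        // not applied.

        SessionMessages.add(actionRequest, "permissionsUpdated");

        // NOTE(review): "redirect" is request-supplied and handed to
        // sendRedirect after only appending the cmd parameter. Unless it is
        // validated before this action runs, this is an open redirect. The
        // "&" separator also assumes the value already has a query string.

        String redirect =
            ParamUtil.getString(actionRequest, "redirect") + "&" +
                Constants.CMD + "=" + Constants.VIEW;

        actionResponse.sendRedirect(redirect);
    }

}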